shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: overhaul

Browse Source
This commit is contained in:
auricom
2025-01-04 00:00:04 +01:00
parent b14022014b
commit 0c9529c7a2
408 changed files with 3187 additions and 2380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
kubernetes/apps/database/crunchy-postgres-operator/clustersecretstore/clustersecretstore.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: crunchy-pgo-secrets
spec:
provider:
kubernetes:
remoteNamespace: database
server:
caProvider:
type: ConfigMap
name: kube-root-ca.crt
namespace: database
key: ca.crt
auth:
serviceAccount:
name: external-secrets-pg
namespace: database

7
kubernetes/apps/database/crunchy-postgres-operator/clustersecretstore/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./rbac.yaml
- ./clustersecretstore.yaml

31
kubernetes/apps/database/crunchy-postgres-operator/clustersecretstore/rbac.yaml Normal file
View File

@@ -0,0 +1,31 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-secrets-pg
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["authorization.k8s.io"]
resources: ["selfsubjectrulesreviews"]
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &name external-secrets-pg
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *name
subjects:
- kind: ServiceAccount
name: *name
namespace: database
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-secrets-pg
namespace: database